zaproxy && python

https://github.com/zaproxy/zaproxy/wiki/ApiPython

Python client API

The Python client can be downloaded from PyPI (download link on the ZAP API page) or it can be installed using:

pip install python-owasp-zap-v2.4

As of ZAP 2.0.0 the Python API is generated (using this class).

Note that the example has now been updated to the v2.4 API :)

An example Python script

#!/usr/bin/env python

import time
from pprint import pprint
from zapv2 import ZAPv2

target = 'http://127.0.0.1'
apikey = 'changeme'  # Change to match the API key set in ZAP, or use None if the API key is disabled

# By default the ZAP API client will connect to port 8080
zap = ZAPv2(apikey=apikey)
# Use the line below if ZAP is not listening on port 8080, for example, if listening on port 8090
# zap = ZAPv2(apikey=apikey, proxies={'http': 'http://127.0.0.1:8090', 'https': 'http://127.0.0.1:8090'})

# do stuff
print('Accessing target %s' % target)
# try to have a unique enough session...
zap.urlopen(target)
# Give the sites tree a chance to get updated
time.sleep(2)

print('Spidering target %s' % target)
scanid = zap.spider.scan(target)
# Give the Spider a chance to start
time.sleep(2)
while int(zap.spider.status(scanid)) < 100:
    print('Spider progress %: ' + zap.spider.status(scanid))
    time.sleep(2)

print('Spider completed')
# Give the passive scanner a chance to finish
time.sleep(5)

print('Scanning target %s' % target)
scanid = zap.ascan.scan(target)
while int(zap.ascan.status(scanid)) < 100:
    print('Scan progress %: ' + zap.ascan.status(scanid))
    time.sleep(5)

print('Scan completed')

# Report the results

print('Hosts: ' + ', '.join(zap.core.hosts))
print('Alerts: ')
pprint(zap.core.alerts())
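As an added example (not from the ZAP wiki page or the zapv2 client itself), the two unbounded polling loops and the final pprint above can be replaced with a timeout-guarded wait and a per-risk summary that a CI job can fail on. The helper names, the fail_on threshold and SAMPLE_ALERTS are assumptions; the 'risk' and 'alert' keys are the ones zap.core.alerts() returns.

```python
#!/usr/bin/env python3
# Added example: timeout-guarded status polling plus a risk summary of
# zap.core.alerts() output. SAMPLE_ALERTS is constructed, not a real scan result.
import time
from collections import Counter

RISK_ORDER = ['Informational', 'Low', 'Medium', 'High']  # ZAP risk labels, lowest first

def wait_for_completion(status_fn, scanid, timeout=600, interval=2, sleep=time.sleep):
    """Poll status_fn(scanid) (e.g. zap.ascan.status) until it reports 100,
    raising TimeoutError instead of looping forever if the scan stalls."""
    deadline = time.monotonic() + timeout
    while True:
        pct = int(status_fn(scanid))
        if pct >= 100:
            return pct
        if time.monotonic() > deadline:
            raise TimeoutError('scan %s still at %d%% after %ds' % (scanid, pct, timeout))
        sleep(interval)

def summarize_alerts(alerts):
    """Count alerts per risk level and list the distinct alert names at each level."""
    counts = Counter(a.get('risk', 'Informational') for a in alerts)
    names = {}
    for a in alerts:
        names.setdefault(a.get('risk', 'Informational'), set()).add(a.get('alert', '?'))
    return {r: {'count': counts.get(r, 0), 'names': sorted(names.get(r, ()))} for r in RISK_ORDER}

def failing_levels(summary, fail_on='Medium'):
    """Risk levels at or above fail_on that have at least one alert (empty list = pass)."""
    return [r for r in RISK_ORDER[RISK_ORDER.index(fail_on):] if summary[r]['count'] > 0]

# Constructed sample in the shape of zap.core.alerts(); hypothetical findings only.
SAMPLE_ALERTS = [
    {'risk': 'High', 'alert': 'SQL Injection', 'url': 'http://127.0.0.1/item?id=1', 'param': 'id'},
    {'risk': 'Medium', 'alert': 'X-Frame-Options Header Not Set', 'url': 'http://127.0.0.1/', 'param': ''},
    {'risk': 'Medium', 'alert': 'X-Frame-Options Header Not Set', 'url': 'http://127.0.0.1/login', 'param': ''},
    {'risk': 'Low', 'alert': 'Cookie Without Secure Flag', 'url': 'http://127.0.0.1/login', 'param': 'sid'},
]

if __name__ == '__main__':
    # Live use: pass zap.ascan.status as status_fn and feed zap.core.alerts(baseurl=target)
    # to summarize_alerts after the scan from the script above. Here a fake status is used.
    fake_status = iter(['0', '50', '100'])
    wait_for_completion(lambda _sid: next(fake_status), 'demo', interval=0, sleep=lambda _s: None)
    summary = summarize_alerts(SAMPLE_ALERTS)
    for level in reversed(RISK_ORDER):
        print('%-13s %d  %s' % (level, summary[level]['count'], ', '.join(summary[level]['names'])))
    raise SystemExit(1 if failing_levels(summary) else 0)
```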

https://github.com/zaproxy/zaproxy/blob/develop/docker/docs/scan-hooks.md